[Logcheck-devel] Bug#435438: logcheck-database: patch for amavisd-new

Tue Jul 31 18:49:52 UTC 2007

Package: logcheck-database
Version: 1.2.57
Severity: normal
Tags: patch

Logcheck is now reporting lines like this:

Jul 31 10:20:59 protempore amavis[6399]: (06399-02) Passed CLEAN, [64.147.162.140] [64.147.162.138] <bounce at yelp.com> -> <pst at xxx.org>, Message-ID: <20070731172049.23239.71223.ZGNJvxkzek8w5l33rxj1Aw at www.yelp.com>, mail_id: NdXYfYxZEllU, Hits: -0.853, queued_as: 3FCCF38060A, 7910 ms

and this:

Jul 31 10:27:13 protempore amavis[6351]: (06351-03) Passed CLEAN, [66.94.237.40] [69.105.72.133] <sentto-12845535-1079-1185902827-pst=xxx.org at returns.groups.yahoo.com> -> <pst at xxx.org>, Message-ID: <409424.58160.qm at web82603.mail.mud.yahoo.com>, mail_id: 8FgJcG5eo5MY, Hits: -2.598-3, queued_as: 0F1C638060A, 4705 ms

There are two bugs in the RE for ignore.d.server/amavisd-new, "hits"
had just a dash following it.  Please note both lines, as you can see,
hits can be a single number, or, sometimes, amavisd-new will put out
two numbers (second example).

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.13     Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information excluded
-------------- next part --------------

--- /etc/logcheck/ignore.d.server/amavisd-new	2007-07-14 04:11:10.000000000 -0700
+++ /tmp/b	2007-07-31 11:39:48.000000000 -0700
@@ -1,5 +1,5 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \(added by[^)]+\))?,( Resent-Message-ID: [^[:space:]]*,)? mail_id: [-+[:alnum:]]+, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2} <[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+, Message-ID: [^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \(added by[^)]+\))?,( Resent-Message-ID: [^[:space:]]*,)? mail_id: [-+[:alnum:]]+, Hits: [.[:digit:]-]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed INFECTED \([-._[:alnum:]]+\),( \[[.:[:xdigit:]]+\]){2} <[^>]*> -> <[^>]*>, quarantine: virus-[-+[:alnum:]]+, Message-ID: [^[:space:]]*, mail_id: [-+[:alnum:]]+, Hits: [.[:digit:]-]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from <[^.]*> containing [[:upper:] ]+, mail intentionally dropped$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace continuation lines$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) WARN: address modified \((sender|recipient)\): <[^>]+> -> <[^>]+>$
